Fresh reports have uncovered how poorly-protected shared WiFi networks provided by shared workspace company WeWork leaked an “astronomical amount” of private data as well as sensitive company information to third parties.

WeWork offers shared workspaces to established companies, startups, and sole proprietors in 125 cities around the world, allowing them to save occupancy cost and enjoy various advantages such as high-quality workspaces, cost-sharing, and shared WiFi networks.

However, Teemu Airamo, who has been working at a WeWork location in Manhattan for years, recently told CNET that the shared WiFi network provided by the company in his building is so poorly secured that by running a security scan on the building's Wi-Fi network, he has been able to view financial records and devices owned by hundreds of companies that also use the network.

"There's happenings of all kinds in the building, financial companies, companies left and right in different industries. We have, inside this building, a number of financial companies, we have legal companies, and we have some random telemarketers," he said.

Airamo said that WeWork has not strengthened the security of the WiFi network in the past four years even though he raised the issue with the WeWork community manager and made multiple attempts to contact the company.

WeWork charges extra for providing baseline security in WiFi networks

When contacted, a WeWork spokeswoman said that the company offers all of its members the option to elect various enhanced security features, such as a private VLAN, a private SSID or a dedicated end-to-end physical network stack in addition to the standard WeWork network.

However, all of these security features are not available for free for companies that set up shop in WeWork's locations. For example, a Private VLAN offered by the company costs $95 per month (£76.73), a private office network costs $195 per month (£157.50), and the company also charges a one-time fee of $250 ( £202) for setting up Private VLAN, Static IP, and Managed Switch.

While Mike Spicer, chief technology officer at MerchGo, said that WeWork should provide "a baseline level of security included in the package", Jonathan Knudsen, senior security strategist at Synopsys, told TEISS that while many organisations rely on upstream organisations and providers to "take care of security", ultimately each organisation must take control of their own risk.

"Users must realise that shared Wi-Fi networks do very little in the way of assurance about confidentiality. Standard controls such as VPNs or always-TLS connections can help mitigate risk, just as using these same controls on the open internet helps reduce risk.

"Organisations should be proactive in defining and implementing a software security strategy. It's surprisingly easy to get started. Without a security initiative in place, your organisation's risk depends on vendors, suppliers, and the vicissitudes of fate," he added.

About The Author

Jay Jay is a freelance technology writer for teiss. He has previously written news articles, device reviews and features for Mobile Choice UK website and magazine, as well as writing extensively for SC Magazine UK, Tech Radar, Indian Express, and Android Headlines.

Related Posts

Just days after McAfee researchers warned about hackers targeting and compromising several organisations associated with the Winter Olympics, researchers at ThreatConnect have uncovered how hackers are spoofing domains of WADA, …